#!/bin/bash

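# For OpenSSL to automatically validate the cert against the CA
# cert, the CA cert has to be reachable in the -CApath directory
# (here: the current directory) through a symlink named after its hash.
#
# You can generate the symlink like this ($CERT being the CA cert file):
#   ln -s "$CERT" "$(openssl x509 -in "$CERT" -noout -hash).0"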

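# Verify <host>.crt against the CA certificates in the current directory and
# check that <host>.crt and <host>.pem carry the same RSA modulus.
#
# Arguments: $1 - base name of the certificate/key pair (without extension)
# Outputs:   progress and verdict on stdout, diagnostics on stderr
# Returns:   0 when the chain verifies and the key matches, 1 otherwise
HOST=${1:-}

if [ -z "$HOST" ]; then
	echo "Usage: $0 <cert host name>"
	exit 1
fi

# HOST is turned into file names that are handed to openssl and rm. A leading
# "-" would make the positional argument of `openssl verify` look like an
# option, so reject it up front.
case "$HOST" in
	-*)
		echo "Invalid cert host name: $HOST" >&2
		exit 1
		;;
esac

CERT_FILE="${HOST}.crt"
KEY_FILE="${HOST}.pem"
STATUS=0

echo "Verifying cert against known CA certs:"
# CACERT is not assigned anywhere in this script. When the environment
# supplies it, it is still passed as an extra positional argument (now as one
# quoted word).
# NOTE(review): as a positional argument openssl treats it as one more
# certificate to verify, not as a trust anchor; if it is meant to be the CA
# certificate it probably belongs behind -CAfile. Confirm the intent.
VERIFY_ARGS=(-verbose -CApath .)
if [ -n "${CACERT:-}" ]; then
	VERIFY_ARGS+=("$CACERT")
fi
if ! openssl verify "${VERIFY_ARGS[@]}" "$CERT_FILE"; then
	STATUS=1
fi

echo ""
echo "Verifying Certificate and Private match:"
# Compare the moduli directly and keep each openssl exit status. Piping into
# `openssl md5` hid failures: when both files were missing or unreadable, both
# sides hashed empty input, compared equal, and a match was reported.
# The modulus is public data, so holding it in a variable exposes nothing.
# This check only covers RSA keys (`openssl rsa` fails on other key types).
CERT_MODULUS=$(openssl x509 -noout -modulus -in "$CERT_FILE") || CERT_MODULUS=""
KEY_MODULUS=$(openssl rsa -noout -modulus -in "$KEY_FILE") || KEY_MODULUS=""

if [ -z "$CERT_MODULUS" ] || [ -z "$KEY_MODULUS" ]; then
	# Fail closed: an unreadable certificate or key is never a match.
	echo "Could not read the modulus from $CERT_FILE and/or $KEY_FILE" >&2
	echo "Certificate and Private key DO NOT MATCH"
	STATUS=1
elif [[ "$CERT_MODULUS" == "$KEY_MODULUS" ]]; then
	echo "Certificate and Private key are a match"
else
	echo "Certificate and Private key DO NOT MATCH"
	STATUS=1
fi

# NOTE(review): nothing in this script creates ${HOST}_decrypted.pem;
# presumably a companion step leaves it behind. Confirm before relying on it.
# Quoted and guarded with -- so an odd HOST value cannot widen the deletion.
rm -f -- "${HOST}_decrypted.pem"

exit "$STATUS"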
